Dan York on how Voice over IP is rewriting (almost) everything you thought you understood about telephony...

Posts categorized "IPv6"

Today at 12 noon US Eastern (in about 3.5 hours), I'll be part of a panel on the VoIP Users Conference (VUC) talking about IPv6, WebRTC, the Internet of Things (IoT) and much, much more... you should be able to watch it live at live.vuc.me or embedded here:

VUC host Randy Resnick had a scheduled guest be unable to attend and so he asked a group of us to come on for what he is calling a "VUC Vision" session. I will be on there, as will, I believe, Tim Panton and a number of others. I expect the discussion should range over good variety of topics. It should be a good time... you're welcome to join in the discussion.

How does the Jitsi softphone work with IPv6? And what role could DNSSEC play with VoIP? At IETF86 earlier this month, I sat down with Emil Ivov, project leader of the Jitsi Project to talk about a wide range of topics including how Jitsi got started and why it does so much with IPv6 (interesting reason!), what they are looking to do with Jitsi now, the role of DNSSEC and why they added that support to Jitsi... and much, much more...
I quite enjoyed talking to Emil and the Jitsi project is certainly one that I will continue to watch - and use!

As I say in the video (below), my big fear is that IPv4 address exhaustion will create a situation where Internet Service Providers (ISPs) will use what is called "carrier-grade NAT (CGN)" or "large-scale NAT (LSN)" to put all their subscribers behind a single public IPv4 address.

The ISPs then become the gatekeepers. They can determine what you will view - or what you will pay to view certain types of content. They could also potentially restrict customer's access to the next great new service... the next Twitter or Facebook, for instance... until that service pays the ISP for access to customers.

It can completely flip the Internet around from one that thrives on "permission-less innovation" where anyone can create any service and make it available to all... to an Internet that is "permission-based" with gatekeepers controlling access at key points.

The migration to IPv6 does not, of course, remove the threat that the Internet very well could move toward a permission-based network... but the move to IPv6 removes IPv4 address exhaustion as an excuse to implement walled gardens.

To me, deploying IPv6 is a critical step to keeping the Internet open to innovation!

I'm there with my team from the Internet Society and one of our primary purposes will be to get a sense of the state of IPv6 support - or NOT - among consumer electronics providers. As large carriers look at how they can roll out IPv6 within their networks, having home equipment that supports IPv6 will become more important in the years ahead.

At the show, we will be meeting with some vendors who want to understand more about how to move their products to IPv6 and also talking with media about the launch of our new Deploy360 site to help accelerate the deployment of IPv6 and DNSSEC. We'll also be part of a presentation on Saturday with a representative from Comcast explaining IPv6 issues to a IEEE conference for consumer electronics vendors.

And, of course, we'll be walking all over the show floor seeking out vendors who have IPv6 support. We'll see what we find!

On a personal note, it will be interesting to go to CES. While I've attended hundreds of shows/conferences over the years, including the even larger CeBIT show over in Germany, I've never made to CES before this year. I've heard a great amount about the madness there, of course, and watched the coverage from afar. So it will be interesting to be on the ground there.

You can, of course, expect that I'll be tweeting a good bit both from @danyork and @deploy360 (although a colleague of mine may be doing most of the tweeting from that account). I'm also planning to put up some posts on CircleID related to what I find... and of course the Deploy360 blog.

IF YOU ARE OUT AT CES and want to connect, please shoot me an email, call me or ping on Twitter.

How can we accelerate the usage and deployment of IPv6 and DNSSEC? What are the barriers to getting those technologies more widely deployed? How can we "take away the pain" of getting started with IPv6 and DNSSEC?

When I joined the staff of the Internet Society back in late September, the project I joined was charged with looking at questions like that and developing a means to promote online resources that would help speed up the usage of IPv6 and DNSSEC.

Yesterday, after a long 3 months of hard work, we formally announced what we are now calling the "Internet Society Deploy360 Programme" located at:

On that site, you will find real-world deployment information about how to get started with both technologies. Case studies, how-to documents, links to other sites, and much, much more...

THIS LAUNCH IS JUST THE BEGINNING!

The site is certainly incomplete... we wanted to get the site out there and now my task over the months ahead is to fill the site up with answers to questions and pointers to new information.

We're not looking to add ALL the information found on the web about IPv6 and DNSSEC, but rather the best information we can find.

And where we can't find information that answers specific questions, we'll be creating new materials either directly ourselves or with partners. As an example, I'm working right now on some tutorials about how to add DNSSEC support into Firefox, and how to configure DNSSEC for your domain at a couple of different registrars.

And let me tell you, it is EXTREMELY clear to me now that this program(me) is definitely needed, as many parts of both DNSSEC and IPv6 are in desperate need of geek-to-common-language translation! Just sorting through some of the steps myself, it's very clear that there's a good bit of pain that needs to be taken away...

To that end, we will be constantly adding new material and resources as we both find and create new content - both in text, video and other forms.

Our goal is also to help foster the conversation around these topics, and so we'll have a constant stream of blog posts and will, of course, be engaging via many forms of social media. You can be part of what we are doing by:

and I would definitely encourage you to join us on as many of those channels as you use. We're also actively seeking volunteers to assist us and have been rather humbled and pleased by the great amount of interest and support we've already seen.

I'm excited to get this project out there... and am looking forward to the months ahead as we build the momentum to help get both IPv6 and DNSSEC more widely deployed!

Please do take a look around the Deploy360 site. I'd love to hear any feedback or suggestions you have. Are there other questions we can be answering? What are the barriers you have found to using these technologies? Are there sites or resources that you found very helpful that we don't have on the site yet? Please do let me know! Drop me an email, fill out our feedback form, ping me on one of the various social media... heck, leave a comment to this blog post! Somehow... I'd love to know what you think.

You’re busy. We get it. This industry moves fast and you’ve got your hands full keeping your networks updated and secure from the threat of the day. But why is it taking so long to deploy IPv6, DNSSEC, and other standards coming out of the IETF? These standards are the future of the Internet, but deployment to date has been slow.

He'll be outlining the new ISOC project of which I am a part that aims to help speed up the deployment of these standards - and asking for feedback and help. I will be there along with another team member, Megan Kruse, to talk with folks about the project and interact with people involved with IPv6, DNSSEC and other technologies.

It's been a good number of years since I last attended a USENIX conference but I'm very much looking forward to getting back with the crowd. Looks like some excellenttechnical talks so I'm looking forward to learning a good bit.

If you are down at LISA, please do feel free to drop me a note - or find me on Twitter. I expect I'll be tweeting out of the event and probably posting some thoughts and comments.

Now, granted, the initial rollout was to only 100 homes in San Francisco's East Bay. It is also restricted to a single computer directly connected to a Comcast cable modem. This initial rollout did not support home routers which are typically found for WiFi in many/most homes these days.

Still... it's a start!

The experience Comcast gains with this initial rollout will only help them with wider rollouts and the inclusion of home routers.

Kudos to Comcast for this start of their IPv6 rollout... I'm looking forward to hearing of other service providers starting their IPv6 deployments! (Time Warner, I'm talking about you! :-)

UPDATE: Comcast has now come out with two of their own blog posts on this topic:

It is also important to note that we are deploying native dual stack, which means a customer gets both IPv6 and IPv4 addresses. That means we are not using tunneling technology or large scale Network Address Translation (NAT). Using a tunnel introduces additional overhead compared to not using one (native IPv6), as your traffic must traverse a relaybefore going to the destination and back. And NAT technologies rely on two layers of NAT, one in your home (in a home gateway device), and one within a the service provider's network that usually shares a single IPv4 address across possibly hundreds of customers or more. Using NAT presents many challenges compared to not using NAT, as your traffic must traverse a NAT device before going to the destination and back. In addition, we believe those two layers of NAT will break a number of applications that are important to our customers.

Would you like to learn about how to deploy IPv6? Would you like to hear from people who are already using IPv6 within their networks? Would you like to learn a bit about DNSSEC and how it can help you secure your online presence?

New ISOC Initiative – Bridging the Divide Between IETF Standards and Industry-wide Deployment

Panel Discussion: Challenges and Opportunities in Deploying IPv6, DNSSEC, and Other Key Technologies

World IPv6 Day Recap (my presentation)

Ask the Expert: Next Steps to Implementing IPv6

Closing Remarks and Q&A

We're looking forward to providing a great session for people to ask questions and talk about how to get these technologies actually deployed in networks today.

The ION conference is part of the larger 2011 Canadian ISP Summit that takes place on the following two days and is included as part of the registration for the Canadian ISP Summit.

However, registration for the ION conference is FREE if you just want to attend the half-day session on Monday. You can sign up through the Canadian ISP Summit registration page, where one of the available options is for the ION ONLY registration.

(NOTE: If you do sign up for the free ION Only registration, the lunch and dinner listed on the agenda are not included. Those are part of the full registration.)

We just had a very successful ION event in Buenos Aires last month and we're looking forward to great conversations and discussions up in Toronto - I hope to see you there!

P.S. A couple of people have already asked me if I'm going to be able to spend more time in Toronto (and meet them). Unfortunately due to family medical issues I'm just in Toronto for Monday and will be flying back Tuesday morning. Normally I would have loved to stay for this full event because some of the other sessions look great - and Toronto is also an outstanding place to visit.

Now, of course ideally we'd like that to be 100%, but hey, it's at least a good start!

There is also some narrative further down the report about "IPv6 Focused Tests" with some interesting info. One interesting note seems to be this:

Most UAs that supported dual-stack had a configuration to tell the application
to ignore any returned AAAAs due to issues encountered in deployments where
endpoints autoconfigured IPV6 that didn't actually work.

In the web world this has been referred to as the "happy eyeballs" problem where a browser will try a DNS AAAA record to get to a site over IPv6 and then eventually will fail back to trying the A record to go over IPv4. The delay will cause the user to be very UNhappy. There are a couple of ways to address the issue with the usual one being to try both IPv6 and IPv4 addresses simultaneously and then connect over whichever one responds back first. (There is an entire "happy eyeballs" Internet-Draft that goes into this topic for those interested.)

From this simple sentence it would sound to me like the implementations are NOT supporting a "happy eyeballs" approach for SIP but are rather providing an "ignore IPv6" configuration setting. I wasn't there so I don't know... but I would hope that over time all dual-stack SIP implementations would move to supporting this kind of approach (versus disabling IPv6).

It was also good to see that tests occurred in a mixed environment:

We successfully tested
calls going though a mix of v4 and v6 hops (accruing Via and Route/Record-Route
headers with addresses in both families.

Wearing my security hat I was also pleased to see this:

80% of the endpoints present supported SRTP using sdes

Again, you'd love 100%, but at least this shows the availability of SRTP should companies decide to enable SRTP.

Lots of other great commentary in the SIPit 29 summary around STUN/TURN/ICE and many other issues. Definitely worth a read if you are interested in SIP.

And... if you a creator of SIP-related hardware and software, watch the SIPit website for news of the next SIPit event so that you, too, can join in the testing!

And if you have not heard of SIPit before, here's a video I did back in September 2009 with organizer Robert Sparks:

I'll be speaking twice. First on Wednesday the 5th at 4pm on "The Current State of VoIP Security", wearing my VOIPSA hat and leading off a series of talks about security. I'll be providing an overview of the main threats to VoIP and communications security in general, leading the way into the two more specific talks following mine.

I'm rather excited that my second session will be my first public appearance wearing my new Internet Society hat (if you are not aware, I've posted details about my recent move) and will of course be about IPv6... more specifically "How IPv6 Will Impact SIP And Telecom".

Due to ongoing events on the personal front, I wasn't sure that I was going to make it out there... and quite frankly there's still a chance that I won't... but I should be out there.

If you look at the conference schedule, the speakers include outstanding people involved with so many different aspects of real-time communications. It should be truly an excellent event!